Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hcrvx1.UUCP
Path: utzoo!hcrvax!hcrvx1!tom
From: tom@hcrvx1.UUCP (Tom Kelly)
Newsgroups: net.bugs
Subject: Re: 'stty', 'write', 'mail', 'readnews', et al.
Message-ID: <937@hcrvx1.UUCP>
Date: Fri, 7-Sep-84 11:03:20 EDT
Article-I.D.: hcrvx1.937
Posted: Fri Sep  7 11:03:20 1984
Date-Received: Sat, 8-Sep-84 00:28:42 EDT
References: <895@trwrb.UUCP> <1228@dalcs.UUCP> <747@dual.UUCP> <46@rlgvax.UUCP> <318@wucs.UUCP> <10028@gatech.UUCP>
Organization: Human Computing Resources, Toronto
Lines: 22

It's a general problem on any terminal that has a "transmit" screen
capability.  You don't have to use Mail or News; put the control sequence in
a man page, or a README file.  Anyone who looks at it executes your
trojan horse.

A very similar serious problem arose under another operating system with
which I am familiar.  It was possible to send a message to the operator's
console that contained these control characters.  Since the console was
always privileged, it was an easy way to give your account super-user
capabilities.  After it was discovered, the operating system was changed
to filter all messages to the console and remove certain control characters.

The program that controlled your terminal was also modifed to filter these
out so you couldn't send them to another user via the equivalent of
write(1).

This experience led me to conclude that I would just as soon not use
a terminal that had "transmit screen" ability, unless I could turn it
off.

Tom Kelly  (416) 922-1937
{utzoo, ihnp4, decvax}!hcr!hcrvx1!tom